
Bug 372981

Summary: <net-voip/telepathy-gabble-0.10.5: MITM vulnerability (CVE-2011-1000)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: gnome, peper, voip+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 12:54:54 UTC
CVE-2011-1000 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1000):
  jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5,
  and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls
  via a crafted google:jingleinfo stanza that specifies an alternate server
  for streamed media.
Comment 1 Nirbheek Chauhan (RETIRED) gentoo-dev 2011-06-25 14:36:17 UTC
No versions in-tree suffer from this vulnerability.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2011-06-26 02:26:22 UTC
Could you elaborate? We have 0.10.5 stable, but I did not look into this in great detail.
Comment 3 Nirbheek Chauhan (RETIRED) gentoo-dev 2011-06-26 13:00:58 UTC
(In reply to comment #2)
> Could you elaborate? We have 0.10.5 stable, but I did not look into this in
> great detail.

I was merely saying that there's nothing here for maintainers and arch teams to do.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 20:30:03 UTC
GLSA Vote: yes.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 21:49:38 UTC
Vote: YES. New GLSA request filed.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2014-06-01 15:42:43 UTC
This will not get a GLSA.